package cn.sciento.boot.iam.field.handler;

import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.reflect.FieldUtils;
import cn.sciento.boot.iam.field.dto.FieldPermission;
import cn.sciento.core.util.SensitiveUtils;
import org.springframework.util.CollectionUtils;

public class DesensitizationFieldHandler extends SecurityTokenObjectRecursiveHandler {
  private static final String PERMISSION_TYPE = "DESENSITIZE";
  
  public int getOrder() {
    return 10;
  }
  
  public void afterProcess(List<FieldPermission> fieldPermissionList, Object arg) {
    if (CollectionUtils.isEmpty(fieldPermissionList) || arg == null)
      return; 
    recursive(fieldPermissionList
        .stream()
        .filter(item -> "DESENSITIZE".equals(item.getPermissionType()))
        .collect(Collectors.toList()), arg, (obj, fieldName, fieldPermission) -> FieldUtils.writeDeclaredField(obj, fieldName, desensitization(obj, fieldName, fieldPermission.getPermissionRule()), true));
  }
  
  private String desensitization(Object obj, String fieldName, String rule) throws IllegalAccessException {
    if (obj == null)
      return null; 
    Object fieldValue = FieldUtils.readDeclaredField(obj, fieldName, true);
    if (!(fieldValue instanceof String))
      throw new IllegalArgumentException("Field " + fieldName + " in " + obj.getClass() + " is not a String.class"); 
    return SensitiveUtils.generateCipherTextByCipher((String)fieldValue, new String[] { rule }, '*', 0, 0);
  }
}
